Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria. “TrickMo relies on a runtime-loaded APK (dex.module),
Tag: TrickMo
AI, Apps, Global Security News, malware, Network Security
Android banking Trojan TrickMo evolves using TON network for C2
ThreatFabric found a new TrickMo Android trojan focused on stealth and persistence, moving its command-and-control traffic to the TON network. Security researchers at ThreatFabric have recently identified a new version of TrickMo, a dangerous Android banking trojan that shows how malware operators are focusing less on flashy new features and more on improving stealth, flexibility,…
Global Security News, Network Security
TrickMo Variant Routes Android Trojan Traffic Through TON
ThreatFabric finds new TrickMo Android banking trojan variant routing C2 through The Open Network
AI, Europe, Global Security News, malware, Network Security
TrickMo Android banker adopts TON blockchain for covert comms
A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications. […]
